Drop and grab functionality for VS Code.

Requirements

Cross-platform binary executable CLI that provides functionality for dropping (sending) and grabbing (receiving) secrets using existing infrastructure.

We want to come up with a good strategy of OG Images for SEO and card previews of the site.

Probably solution: @vercel/og

Requirements

• implement optional authorization of receiving user ("grabber") by leveraging SMS verification code sent to number provided by sender ("dropper")

Response from deadrop: {"content":"did nieky handle wacky inputs?"}

Requirements

• allow drop options to be configured via modal
• track drop options in redis
• return drop options as static props for /grab page

Implement PWA support for web application to be saved to mobile home screens

Requirements

• extend drop functionality to be able to send .json, .env, .yml, and .txt files

Requirements

• configure CLI distribution via Homebrew

References

• example implementation

When attempting to drop a JSON Doc as a secret, ex:

deadrop returns a stringified version of what looks like a wrapper object instead of the desired content:
{"content":"{\n \"foo\": \"bar\"\n}"}

Requirements

• implement delete call for session at end of drop
• implement expiry time option so redis holds session for longer than 5 mins

Requirements

• implement logic for restricting an IP to a certain number of drops per day

Requirements

• implement drop and grab features within a VS Code Extention

In the future, it may be of interest to users to be able to create a link that others can use to retrieve a secret without peer-to-peer, real-time drops.

Consider password-based encryption patterns like this one.

Requirements

• ability to create, get, rotate, and delete API keys
• implement cosmiconfig to allow API key auth via parsing rc file

References

• cosmiconfig

Requirements

• implement hCaptcha optional requirement for drops

Description

Currently, the beforeunload event is used to block navigation away from a /drop or /grab page when an active peer connection is open. This is to avoid weird UX and dropped or dangling WebRTC and WebSocket connections.

However, because of how Next.js navigates within its framework, it does not trigger the beforeunload event when navigating and thus doesn't block navigation or cleanup peer connections before leaving the page.

Solution

A blocking approaching using an event listener on Next.js' Router should be able to provide the desired functionality.

Requirements

• refactor cryptographic functionality from web application workspace to shared so it can be leveraged by cli implementation workplace

Benefits

• unified functionality for higher code reusability

Requirements

• implement end-to-end testing infrastructure with Playwright and GitHub Actions

Changelog

• implement expiring link functionality with dynamic QR code generation

Overview

To streamline repeat secret-sharing and simplify the UX, it would be good to have a device-level vault that stores secrets using password-based encryption. This would allow users to have secrets more readily available to drop.

Requirements

• encrypted read/write to device data store
  • IndexedDB, fallback to local storage
• implement UI for creating and managing vaults

A user system is needed to authenticate users for future features and/or enhancements such as:

• captcha bypass
• personal drop URL (deprioritized)
• premium and/or paid features

To be developed using NextAuth.js with initial support for Google and GitHub flows.

Requirements

• allow for multiple receiving users ("grabbers") to connect to the same drop instance ("dropper")
• allow dropper to configure max connections

Requirements

• determine user system
• implement tiered functionality for premium subscribers

Requirements

• look into implementing deaddrop as a CLI leveraging Node.JS crypto module

References

• commander